If you don't already know, I'm a systems administrator for a small MSP and I was tasked with taking a predominantly Mac OS X (mixed version) environment with some Windows XP, 7 and various Linux OS mixed in and combining it into one directory for single sign-on. I'm talking literally 1200 Macs, 400 Windows computers, and about 100 Linux workstations mostly running Red Hat.

Now, the fun part was when I got there this school had zero documentation. I did not have passwords, IPs, DNs or even a network diagram to figure out how this whole smash was running. After heavy use of ophcrack and single user mode (Macs are super easy to get into), I finally got the whole school pushed over to one local administrator account, and during this process I discovered that the school had 6 existing separate domains.... Yep, all bound to different domains and some to servers that didn't exist anymore!

I then proceeded to find all the servers located on campus, which happened to be in the most random places you could imagine... For example, I found their accounting server with all their payroll sitting in a janitor's closet plugged directly into the wall with no redundant power.... With no password... Awesome.. After a couple of weeks, I found most of the hidden servers that were all supplying their own separate DNS entries (awesome), and I was finally able to bring my main directory online (Active Directory) and start pushing everything onto that.

Not so fast.... Macs can't be controlled by Group Policy using just Active Directory, you silly sysadmin. In the past, I've only had to deal with maybe 20 Apple computers in a photography lab, which is pretty easy to do with managed services, but we were talking a massive amount of Macs with no existing Open Directory to deliver a schema. So, I had to build an LDIF file from scratch taken from various scripts online, mainly because 800 of these Macs are still running Tiger, which doesn't even support any of the newer 3rd party solutions for this... My life is going great at this point...

So this week the system is fully operational under one single sign-on using Active Directory and Group Policy with an extended schema for Apple attributes. Linux took me 30 minutes to configure... Macs took me the better part of 2 months to complete. This was probably the worst network I've ever had to bring online, and I still have to rebuild their 12 year old infrastructure over the summer as the entire building is cabled with CAT 3 :\

Ya, the fun never stops..

"But this is irrelevant because in either case, whether a god exists or not, whether your God (with a capital G) exists or not, it doesn't matter. We both are, in either case, evolved apes. " - Nesslig20

Master_Ghost_Knight wrote: Wouldn't it be easier to do it from scratch?

It essentially was, but I had to demote everything so I could bring all the computers off their separate domains and then deploy the new AD, which I did through Apple Remote Desktop and a Unix script. I should also note that every computer in the network had been STATICALLY assigned their IPv4 including DNS.... Yeah...

*EDIT* The DNS servers for half of these computers were defunct, so the end users had not even been going onto the internet because domain names couldn't be resolved. Go figure, right?